Web Authentication Based on Trusted Connection

International Journal of Scientific and Research Publications, Volume 8, Issue 1, January 2018 6 ISSN 2250-3153

Web Authentication based on Trusted Connection

Lawrence Amer

Abstract- Demonstrating the ability to develop a new type of So the defense strategy for these attacks in most cases defense technique to your administration panel , sensitive expensive , and needs a lot of rules to follow , if we are talking folder using a simple user friendly interface to authenticate about small firm or medium one , it will be hard ,expensive for administration , client authorized permission depending on them to hire security experts to protect them. trusted IP address using a simple front end application which is Regarding this topic , i have made a research paper to running in external host ,responsible for managing , organizing discuss the best way to secure your protected one with sessions ip while on the other hand , a server side scripting file simple,easy,cheap project to start with running on background to retrieve these sessions and store them for further authentication process Research Guide Index 1) Protocols 2) introduction into Apache Web Server I. INTRODUCTION 3) T.Auth project from idea into building . ow days , Web Applications are the most used and targeted N on Cyber space , i am coming with a Cyber Space definition instead of Internet ,because many of users are not just normal II. PROTOCOLS users . Is a set of rules that governs the commnications between There are a new type of users who are considered as threat computers on a network . many different types of network on the Cyber space called themself as hackers . protocols and standards are required to ensure the computers can Hackers could get into your system in many different ways communicate with each other regarding the type of cards or using Un patched or private vulnerabilities , or by using Social operation systems . Engineering . Reference model defines seven layers of networking protocols as shown below in a box

OSI Layer Name Common Protocols

7 Application HTTP | FTP | SMTP | DNS | Telnet

6 Presentation

5 Session

4 Transport TCP | SPX

3 Network IP | IPX

2 Data Link 1 Physical Ethernet

So as picture above , we can see the OSI Layers , but at FTP - File Transfer Protocol - a protocol that is used to this time we are going to explain transfer and manipulate files on the Internet Application OSI Layer which is related to research paper . HTTP - HyperText Transfer Protocol - An Internet-based DNS - Domain Name System - translates network address protocol for sending and receiving webpages (such as IP addresses) into terms understood by humans (such as IMAP - Internet Message Access Protocol - A protocol for Domain Names) and vice-versa e-mail messages on the Internet IRC - Internet Relay Chat - a protocol used for Internet chat and other communications POP3 - DHCP - Dynamic Host Configuration Protocol - can Post Office protocol Version 3 - a protocol used by e-mail clients automatically assign Internet addresses to computers and users to retrieve messages from remote servers

www.ijsrp.org International Journal of Scientific and Research Publications, Volume 8, Issue 1, January 2018 7 ISSN 2250-3153

SMTP - Simple Mail Transfer Protocol - A protocol for e- mail messages on the Internet V. THE IDEA OF T.AUTH APPLICATION Publishing your site ,blog..etc into the Internet is some III. APACHE HTTP SERVER . (WIKIPEDIA REFERENCE ) thing very popular these days specially web application Apache Server is free and open-source cross-platform web developers made it easy to you to setup it correctly . server software, released under the terms of Apache License 2.0. but many of these websites got hacked or being hacked every day Apache is developed and maintained by an open community of The reason behind this , is the weakness of security knowledge developers under the auspices of the Apache Software on sites administrators . or even published vulnerabilities that Foundation. allow hackers to get access into your zone . The Apache HTTP Server is cross-platform; as of 1 June Most of usage techniques used these days to protect your 2017 92% of Apache HTTPS Server copies run on Linux site is to install and configure security tools that makes it hard distributions. Version 2.0 improved support for non-Unix into hackers to get in . but this actually doesn't put an end for operating systems such as Windows and OS/2. Old versions of hackers there is always a way to break in . Apache were ported to run on OpenVMS and NetWare. So after deep thinking of a way to know how to secure it in Originally based on the NCSA HTTPd server, a kind of easy to use the idea of developing a project to do it was development of Apache began in early 1995 after work on the screaming in my mind . NCSA code stalled. Apache played a key role in the initial My thought was toward developing a way to secure growth of the World Wide Web,quickly overtaking NCSA administration folders depending on IP Address Whitelist , but HTTPd as the dominant HTTP server, and has remained most how to do that if there are many administrators and each one of popular since April 1996. In 2009, it became the first web server them connecting from dynamic ip address not a static one . software to serve more than 100 million websites.As of July 2016 was estimated to serve 46% of all active websites and 43% of the top million websites. VI. PREPARATION OF THE IDEA Using Dynamic Dns is the only way that can we use to make sure that host is resolved into IP address . IV. FEATURE OVERVIEW There are many Dynamic Dns Free Providers like no-ip Apache supports a variety of features, many implemented company , but as you know these applications are standalone and as compiled modules which extend the core functionality. These every user must download the client and enter the information can range from server-side programming language support to then establish the connection , i think it is also hard for simple authentication schemes. Some common language interfaces users and for sure they will not accept it as solution besides every support Perl, Python, Tcl and PHP. Popular authentication administrator should has his own DNS entries . in this case it is modules include mod_access, mod_auth, mod_digest, and waste of time and energy . mod_auth_digest, the successor to mod_digest. A sample of So the only way was is to start building web application other features include Secure Sockets Layer and Transport Layer which will do all these things to gather with out so much Security support (mod_ssl), a proxy module (mod_proxy), a interactions of users . URL rewriting module (mod_rewrite), custom log files (mod_log_config), and filtering support (mod_include and mod_ext_filter). Features of T-Auth Web application Popular compression methods on Apache include the external extension module, mod_gzip, implemented to help with  unlimited users accounts with isolated panels reduction of the size (weight) of Web pages served over HTTP.  simple and user friendly ModSecurity is an open source intrusion detection and  Dynamic DNS Login information are stored in database prevention engine for Web applications. Apache logs can be  Customized external host & domain . analyzed through a Web browser using free scripts, such as AWStats/ W3Perl or Visitors.  monitoring users activity with super administration panel . Virtual hosting allows one Apache installation to serve easy to ban unwanted sessions . many different Web sites. For example, one machine with one Apache installation could simultaneously serve www.example.com, www.example.org, test47.test- server.example.edu, etc. Apache features configurable error messages, DBMS- based authentication databases, and content negotiation. It is also supported by several graphical user interfaces (GUIs). It supports password authentication and digital certificate authentication. Because the source code is freely available, anyone can adapt the server for specific needs, and there is a large public library of Apache add-ons

www.ijsrp.org International Journal of Scientific and Research Publications, Volume 8, Issue 1, January 2018 8 ISSN 2250-3153

uth Frontend CMS Developing this application wasn't easy as expected , since we have to add many feature including permissions ,groups . and connection libraries to start with on establishing DDNS updating through their public Api

CMS contains of :  Login user interface  table for current ddns host with username , so every user has his own host ddns details stored in database . Update user current ip after clicking on Activate button Project Requirement

 Apache Web Server So after clicking on activate it button , the application will  Apache Rewrite mode enabled (Allow Override connect using details saved and response with connection status . All)  Php 5.6 or above  Mysql Database  an Account on Dynamic Dns Prodvider (no-ip is supported)  Linux Sever

Working Strategy Developing a bash script to get the current Ip address from the selected Dynamic Dns provider the idea of bash script is to add it as cron job into targeted Linux server , and will be running every 5 min to get user updated ip address then add it into .htaccess file on administrator folder . with custom rule to deny all IP Address and only allow the authorized ones . Below is digram to explain how bash script will connect into specific ddns host to get the new IP Address which is updated from T.Auth CMS php Application .

Digram 1. 2 - bash script

www.ijsrp.org International Journal of Scientific and Research Publications, Volume 8, Issue 1, January 2018 9 ISSN 2250-3153

Image above shows expect work of how server will AUTHORS know that administrators are already have their trusted IP First Author – Lawrence Amer Address since they have login into different external host to send their ip address into verification process , which finally will be allowed to get into administrators folders .